Deprecate catalog replacements and whitelists
Bug #1383817 reported by
David Stanek
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
High
|
David Stanek | ||
Bug Description
Bug #1354208 reported a security flaw in the way that we performed substitution for catalog URLs. The immediate solution was to add a whitelist of config fields that are safe to use with substitution. The long term goal is to get rid of this feature and only allow tenant_id and user_id to be used for substitution.
The first step for the Kilo release is to deprecate the feature.
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on keystone (master) | #2 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | kilo-1 → 2015.1.0 |
Revision history for this message
| huangpengtaohw (huangpengtao) wrote | #3 |
Revision history for this message
| David Stanek (dstanek) wrote | #4 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/